[Fixed] Hijackthis! Logs - [FIXED] Hijacked Home Page! posted in the Security & Safety forums; Hello to all. It seems that this problem of hijacking a computer is way too common, and maybe I should consider myself lucky to not have had it happen before ...
Hello to all. It seems that this problem of hijacking a computer is way too common, and maybe I should consider myself lucky to not have had it happen before this.? Anyway, now I'm a victim.? My home page has been replaced with a search page and various sites have been added to my Favorites file.? They return after deleting them, of course.? I've run Spybot, Ad-aware, and CWShredder.? No change.? Here's my Hijack this! log. Any help is greatly appreciated.
Doug
Logfile of HijackThis v1.99.1
Scan saved at 3:35:08 AM, on 7/19/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
May i first recommend that you upgrade to Service Pack 2 after someone else comes along and tells you what to remove from your log.? :-)
Its not a good idea to install sp2 on an infected machine , if someone has no service pack at all you can let them install sp1 but you really should wait with sp2 till there pc is clean.
Before using Hijack This Can you please do this for me:
Show hidden files and folders:
For XP:
1.On the Tools menu in Windows Explorer, click Folder Options.
2.Click the View tab.
3.Under Hidden files and folders, click Show hidden files and folders.
4.If you see a warning message, click Yes.
5.Click Apply.
6.Click OK.
Then disable system restore to prevent re-infection.
(if you have/use it.)
(you can turn it back on when youre pc is clean).
How to disable system restore:
WinXP.
Click the Start button.
Right-click My Computer, and then click Properties.
On the System Restore tab, check Turn off System Restore or Turn off System Restore on all drives.
And then do some pre-work clean up
From this point do everything in safemode: (hit f8 when booting up)
when you go into safe mode press control alt delete to bring up the task manager end every task running exept explorer and systray.
empty the windows\prefetch folder ,
empty the c:\windows\temp folder ,
empty the C:\Documents and Settings\Administrator\Local Settings\Temp folder ,
empty the C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files folder EXCEPT the content.ie5 folder (may be hidden).
(replace administrator with youre user name)
And close all instances of IE and OE ,then go to: Control Panel / Internet Options / General tab ,
Click the "Delete Files" button.
When prompted place a check in: "Delete all offline content", click OK. This removes the junk files such as downloaded files, zero byte files created by Outlook Express and many other hidden files that reside in your cache.
I believe there has been some success although I was not able to delete sdkcq.exe and iezr.exe from the WINNT folder. Something about a read-only file and make sure it isn't being accessed by someone. Also the msmn32.dll folder wasn't in the system32 folder to be deleted. Here is the new log as requested. Thanks much.
Logfile of HijackThis v1.99.1
Scan saved at 10:23:58 PM, on 7/20/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Hello again.? I was able to follow your instructions after downloading about buster.? I believe you've succeeded in removing the problem.? My conservative nature dictated that I use my computer as usual for a couple of days before reaching that conclusion.? : : :
Here's a new log posting. Any further recommendations/instructions?? ?And Thanks so much.
Logfile of HijackThis v1.99.1
Scan saved at 6:37:51 AM, on 7/23/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
[FIXED] Hijacked Home Page!
: 
Linear Mode
